Buffer Overflow Vulnerability In Libpng When Processing PNG Images

The corrective release of the libpng library, version 1.6.51, fixes 4 vulnerabilities, one of which (CVE-2025-65018) leads to an out-of-bounds write. libpng is a direct dependency of about 600 packages in Ubuntu. This vulnerability potentially allows code execution when processing specially crafted PNG files.

The problem affects applications that use a simplified API (png_image_finish_read) and is caused by error
